lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 2 Sep 2014 20:40:40 +0200
From: Krisztián Pintér <pinterkr@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] A review per day - Schvrch


Marcos Antonio Simplicio Junior (at Tuesday, September 2, 2014, 7:53:56 PM):

> With the due respect to Keccak, which is a great design, its own
> authors recognize that it "excels in hardware performance", while it
> "has overall good software performance"
> (http://keccak.noekeon.org/). Since we normally consider hardware as
> an "attacker's platform"

some things to consider:

1, overall good is still good. a factor of 2 or 10 is not necessairly
that important, other aspects might be more important (like for
example die area or code reuse).

2, you make the error others made earlier, namely assuming today's
hardware. next gen processors might be very different, maybe they will
behave more like asics in terms of keccak performance. we have no idea
what processors will be like in ten years.

3, hw is not the attacker's platform. a lot of resource limited
friendly platforms might need to run a PBKDF, media players, routers,
any tool with an html or terminal admin interface, etc. it is a false
view that password defenders have gigantic multicore multigigabyte
monsters.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ